Safe Harbor Privacy Policy for the Sodexo Maximo Website Application

Effective Date
May 28, 2016

Sodexo is committed to protecting the data and privacy rights of the users of the Maximo Website Application.  In support of our commitment to privacy, this Safe Harbor Privacy Policy for the Sodexo Maximo Website Application (“Privacy Policy”) conforms to the Safe Harbor Principles published by the U.S. Department of Commerce and outlines Sodexo’s privacy practices concerning the transfer of personal data from the European Economic Area, (which includes the twenty-eight member states of the European Union plus Iceland, Liechtenstein and Norway) and from Switzerland, into the United States. This Privacy Policy describes the types of information we gather, how we use it, and the notice and choice affected individuals have regarding Sodexo’s use of that information and their ability to change that information. 

Safe Harbor Overview 
The U.S. Department of Commerce and the European Commission previously agreed on a set of data protection principles and frequently asked questions (the “U.S.-EU Safe Harbor Privacy Principles”) that formerly enabled U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Union to the United States.  The European Economic Area (EEA) also previously recognized the U.S.-EU Safe Harbor Privacy Principles as having provided adequate data protection.  The U.S.-EU Safe Harbor Privacy Principles are no longer considered a valid data transfer mechanism in the EEA.  Nevertheless, Sodexo continues to comply with the U.S.-EU Safe Harbor Privacy Principles.  The U.S. Department of Commerce and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland have agreed on a similar set of data protection principles and frequently asked questions (the “U.S.-Swiss Safe Harbor Privacy Principles”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States. Sodexo has certified that it adheres to the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles (collectively the “Safe Harbor Privacy Principles”).  To learn more about the Safe Harbor program and/or to view our certification page, please visit http://www.export.gov/safeharbor.

Scope 
At Sodexo, we follow the Safe Harbor Privacy Principles published by the U.S. Department of Commerce with respect to all personal information maintained in the Maximo Website Application. 

Definitions 
For purposes of this Privacy Policy, the following definitions apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Sodexo or to which Sodexo discloses personal information for use on Sodexo's behalf.

“Sodexo” means Sodexo, Inc., and includes its predecessors, successors, subsidiaries, divisions, and groups in the United States.

“Personal information” means any information or set of information that identifies or could be used by or on behalf of Sodexo to identify an individual.

“Maximo Website Application” means Sodexo’s global Maximo application, which is a web based, centrally hosted (in North America) integrated facilities management platform.  It is based on a global core model, providing end users with an easy to use, end-to-end solution in multiple countries (including the European Union), and languages.  Sodexo operates this application in support of its facilities management services, provided to its customers and maintains and manages the application utilizing supporting processes and tools which enable the transfer of data into the application and validation of that data.  This definition includes the tools and processes used in the support and maintenance of the application.

Privacy Principles 
The privacy principles in this Privacy Policy have been developed based on the Safe Harbor Privacy Principles.

Where Sodexo collects Personal Information directly from individuals in the European Economic Area and Switzerland, through the Maximo Website Application, Sodexo will comply with the Safe Harbor Privacy Principles described in this Privacy Policy.

Notice 
Notice will be provided in clear and conspicuous language when individuals access the www.sodexoUSA.com website, and in any event before Sodexo uses or discloses the information for a purpose other than that for which it was originally collected.

Personal information acquired by the application will only be used for its intended purpose.  In providing Personal Information to Sodexo, you agree and consent to the collection, use, and sharing of your Personal Information in accordance with this Privacy Policy. 

To use the application, you may be required to register by providing contact information such as a user ID, password, name, business title, business address, business telephone number, business e-mail address and/or other contact information.  Sodexo may use this information to communicate with you regarding changes in functionality of the web application, billing, help desk or service requests, and/or other activities relating to the operation of the application.

In addition to the Personal Information you actively provide, Sodexo will also collect information about your application session including IP address, and login entry and exit points.

Lastly, Sodexo will collect information concerning interaction with the Maximo Website Application, including transactions and other usage.  We may use this transactional data for its intended purpose within Sodexo’s business with, for, or on behalf of you or your employer.  We will not share this transactional data with any third-party except to the extent reasonably required in Sodexo’s business with, for, or on behalf of your employer or to respond to a service request or other inquiry you make of us.

In summary, Sodexo will use your Personal Information for the purposes of:

  • Processing and managing your work order or service request
  • Communicating with you about your work order or service request
  • Managing your account
  • Responding to your customer service inquiries
  • Communicating, to the extent required, with and managing our relationship with Sodexo’s consultants, strategic partners, agents, distributors, suppliers, contractors and other third parties in order to provide services you have requested;
  • Improving the Maximo Website Application
  • Meeting any applicable legal and/or regulatory requirements
  • Any other purpose to which you have consented

Choice 
Sodexo does not transfer, share, sell Personal Information collected or stored within the Maximo Website Application to any third-party, except to the extent reasonably required in Sodexo’s business with, for, or on behalf of your employer or to respond to a service request or other inquiry you make of us.  Therefore, at this time, Sodexo does not provide an opt-out for transferring, sharing, selling your Personal Information for the purposes stated above.  In any event, before Sodexo uses or discloses your information for a purpose other than that for which it was originally collected, you will be notified and you will have the opportunity to opt out of such disclosures as required by regulation or statute.

Data Integrity 
Sodexo will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual to which the information pertains. Sodexo will take reasonable steps to ensure that Personal Information is relevant for its intended use, accurate, complete, and current.

Transfers to Agents 
Sodexo may share information with third-parties that provide support services to Sodexo such as contractors we engage to provide services you have requested.  These companies may need information about you in order to perform their functions in accordance with the services you request or to assist Sodexo in maintaining the Maximo Website Application. These companies are not permitted to use the information we share with them for any other purpose.  Additionally, Sodexo may disclose specific information upon governmental request, in response to a court order, when required by law, to enforce our corporate policies, or to protect the rights, property, and/or safety of others.  Sodexo does not provide Personal Information to these agencies or companies for marketing or commercial purposes.

In the event of a sale of some or all of our business, Sodexo may disclose Personal Information to those involved in a transfer of all or part of the assets or business.

Access and Correction 
To remove or modify your Personal Information, you may either 1) login to the Maximo Website Application and modify your Personal Information in the profile area of your account or, 2) contact your Maximo support team at your facility. 

Security 
Sodexo maintains appropriate physical, administrative, and technical security safeguards with respect to its offices and information storage facilities so as to prevent the loss of, misuse, unauthorized access to, disclosure, and/or modification of Personal Information. For transmission purposes, we encrypt Personal Information prior to sending with the use of Secure Socket Layer (SSL) technology so as to ensure your information is safe as it is sent over the Internet to our Maximo website Application through the user interface and/or where it is stored before loading to the Maximo website Application in our SharePoint site. 

Information transferred using e-mail will be in clear-text and not encrypted. 

Enforcement and Dispute Resolution 
Sodexo uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that such is accurate and complete.  Sodexo will investigate and/or resolve any concern, complaint or question in accordance with this Privacy Policy.  Any concern arising from the use or disclosure of Personal Information can be directed to Sodexo’s Office of Ethics, Compliance and Privacy through the following contact information at SafeHarborPrivacy.USA@sodexo.com. Sodexo has agreed to participate in the dispute resolution procedures of the panel established by the European Union data protection authorities (DPAs), as well as to cooperate and comply with the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland, as applicable, to resolve disputes pursuant to the Safe Harbor Privacy Principles. The EU DPAs’ panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPAs may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm. The contact information for the Swiss FDPIC can be found at:  http://www.edoeb.admin.ch/kontakt/index.html?lang=en. The appropriate statutory body that has jurisdiction to hear any claims against Sodexo regarding possible unfair or deceptive practices and violations of laws or regulations governing Sodexo’s privacy practices is the U.S. Federal Trade Commission.

Changes to this Safe Harbor Privacy Policy

Sodexo reserves the right to change its Privacy Policy from time to time, as appropriate.  In the event we change our Privacy Policy, we will prominently post the effective date of our new Privacy Policy on the Maximo Website Application.  For this reason, we encourage you to periodically visit the website to view any updates and/or changes to our Privacy Policy.

Contact Information 
In the event you have any questions, comments, and/or concerns about this Privacy Policy or your Personal Information, please direct such to Sodexo’s Office of Ethics, Compliance and Privacy at SafeHarborPrivacy.USA@sodexo.com.